Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AVG picks up same trojans at same exact time every day.


  • This topic is locked This topic is locked
9 replies to this topic

#1 Jusuchin

Jusuchin

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 02 May 2012 - 09:27 PM

Continued from here: http://www.bleepingcomputer.com/forums/topic451833.html/page__pid__2685263#entry2685263

GMER scan came up blank, although all but the Services, Registries, Files, and C:/ checkmarks were grayed out. Bad install?

Anyways, here is the DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jusuchin at 20:57:29 on 2012-05-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2150 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Chatango\Chatango.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Users\Jusuchin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Jusuchin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Chatango] C:\Program Files (x86)\Chatango\Chatango.exe
uRun: [Akamai NetSession Interface] "C:\Users\Jusuchin\AppData\Local\Akamai\netsession_win.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [GoogleData] rundll32.exe "C:\Users\Backup\AppData\Local\Google\GoogleData\Googledata.DLL",DllRegisterServer
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE
mRun: [BackupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [GoogleData] rundll32.exe "C:\Users\Backup\AppData\Local\Google\GoogleData\Googledata.DLL",DllRegisterServer
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{46445E38-EFFD-4CD0-ACCD-07E199A2DD50} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{46445E38-EFFD-4CD0-ACCD-07E199A2DD50}\0516E67696C696E616E6 : DhcpNameServer = 202.88.64.61 202.88.64.62
TCP: Interfaces\{46445E38-EFFD-4CD0-ACCD-07E199A2DD50}\16474777966696 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{46445E38-EFFD-4CD0-ACCD-07E199A2DD50}\2343341453 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{46445E38-EFFD-4CD0-ACCD-07E199A2DD50}\45865664F6273656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{46445E38-EFFD-4CD0-ACCD-07E199A2DD50}\57D646D2375636572756 : DhcpNameServer = 128.8.76.2 128.8.74.2
TCP: Interfaces\{46445E38-EFFD-4CD0-ACCD-07E199A2DD50}\D41637F6E6 : DhcpNameServer = 129.174.97.3 129.174.68.227 129.174.1.3
TCP: Interfaces\{46445E38-EFFD-4CD0-ACCD-07E199A2DD50}\D447E2542796E6 : DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
TCP: Interfaces\{AE850111-EA2A-4555-B515-EC52995FEC97} : DhcpNameServer = 192.168.15.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [EKIJ5000StatusMonitor] C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE
mRun-x64: [BackupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jusuchin\AppData\Roaming\Mozilla\Firefox\Profiles\6t1qh8qz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://randomc.net/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf5cadb78-86f0-4b25-b36a-0ec68835820c%7D&mid=611f9f5e862647d09880d16f2ade70b0-bf6e22dc7eec45253c3081a3f84b54c684ab4124&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-04-26%2023%3A55%3A25&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\system32\DRIVERS\ctxusbm.sys --> C:\windows\system32\DRIVERS\ctxusbm.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-3 138360]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\windows\system32\DRIVERS\LVUSBS64.sys --> C:\windows\system32\DRIVERS\LVUSBS64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-8 5158992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253088]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\windows\system32\DRIVERS\motfilt.sys --> C:\windows\system32\DRIVERS\motfilt.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\windows\system32\DRIVERS\motccgp.sys --> C:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\windows\system32\DRIVERS\motccgpfl.sys --> C:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\windows\system32\DRIVERS\Motousbnet.sys --> C:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\windows\system32\DRIVERS\motusbdevice.sys --> C:\windows\system32\DRIVERS\motusbdevice.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2012-05-02 18:44:11 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-01 10:12:56 -------- d-----w- C:\Users\Jusuchin\AppData\Roaming\SUPERAntiSpyware.com
2012-05-01 10:12:34 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-01 10:12:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-04-30 11:13:32 955848 ----a-w- C:\windows\System32\npDeployJava1.dll
2012-04-30 11:13:32 839112 ----a-w- C:\windows\System32\deployJava1.dll
2012-04-29 06:23:23 -------- d-----w- C:\Program Files (x86)\ESET
2012-04-27 04:04:38 -------- d-----w- C:\Users\Jusuchin\AppData\Roaming\AVG
2012-04-27 03:56:53 -------- d-----w- C:\Users\Jusuchin\AppData\Roaming\AVG2012
2012-04-27 03:55:36 -------- d-----w- C:\Users\Jusuchin\AppData\Local\AVG Secure Search
2012-04-27 03:55:24 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-04-27 03:55:21 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-04-27 03:55:20 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-04-27 03:54:34 -------- d-----w- C:\windows\SysWow64\drivers\AVG
2012-04-27 03:53:55 -------- d--h--w- C:\$AVG
2012-04-27 03:53:55 -------- d-----w- C:\windows\System32\drivers\AVG
2012-04-27 03:53:55 -------- d-----w- C:\ProgramData\AVG2012
2012-04-27 03:53:10 -------- d-----w- C:\Program Files (x86)\AVG
2012-04-27 03:50:58 -------- d--h--w- C:\ProgramData\Common Files
2012-04-27 03:50:47 -------- d-----w- C:\ProgramData\MFAData
2012-04-24 08:07:43 -------- d-----w- C:\Program Files (x86)\WoT Skins Installer
2012-04-24 01:06:27 -------- d-----w- C:\Program Files (x86)\Poedit
2012-04-23 20:04:24 -------- d-----w- C:\Games
2012-04-20 01:59:58 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-20 01:59:58 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-04-19 23:28:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-19 18:21:03 8766112 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 15:29:18 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-04-19 08:50:26 28480 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2012-04-12 21:26:14 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-04-12 21:26:13 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 21:26:13 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-12 21:23:24 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-12 21:23:24 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-12 21:23:24 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-12 21:23:23 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-12 21:23:23 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-12 21:23:23 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-04-12 21:23:23 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-04-19 18:21:20 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 18:21:20 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 19:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-19 09:17:26 383808 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-22 09:25:32 289872 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-02-08 01:02:22 768848 ----a-w- C:\windows\SysWow64\msvcr100.dll
2012-02-08 01:02:22 421200 ----a-w- C:\windows\SysWow64\msvcp100.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 20:58:57.55 ===============


Attached File  Attach.txt   11.88KB   0 downloads

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:29 PM

Posted 06 May 2012 - 10:10 AM

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jusuchin at 20:57:29 on 2012-05-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2150 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Chatango\Chatango.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Users\Jusuchin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Jusuchin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Chatango] C:\Program Files (x86)\Chatango\Chatango.exe
uRun: [Akamai NetSession Interface] "C:\Users\Jusuchin\AppData\Local\Akamai\netsession_win.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [GoogleData] rundll32.exe "C:\Users\Backup\AppData\Local\Google\GoogleData\Googledata.DLL",DllRegisterServer
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE
mRun: [BackupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [GoogleData] rundll32.exe "C:\Users\Backup\AppData\Local\Google\GoogleData\Googledata.DLL",DllRegisterServer
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{46445E38-EFFD-4CD0-ACCD-07E199A2DD50} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{46445E38-EFFD-4CD0-ACCD-07E199A2DD50}\0516E67696C696E616E6 : DhcpNameServer = 202.88.64.61 202.88.64.62
TCP: Interfaces\{46445E38-EFFD-4CD0-ACCD-07E199A2DD50}\16474777966696 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{46445E38-EFFD-4CD0-ACCD-07E199A2DD50}\2343341453 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{46445E38-EFFD-4CD0-ACCD-07E199A2DD50}\45865664F6273656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{46445E38-EFFD-4CD0-ACCD-07E199A2DD50}\57D646D2375636572756 : DhcpNameServer = 128.8.76.2 128.8.74.2
TCP: Interfaces\{46445E38-EFFD-4CD0-ACCD-07E199A2DD50}\D41637F6E6 : DhcpNameServer = 129.174.97.3 129.174.68.227 129.174.1.3
TCP: Interfaces\{46445E38-EFFD-4CD0-ACCD-07E199A2DD50}\D447E2542796E6 : DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
TCP: Interfaces\{AE850111-EA2A-4555-B515-EC52995FEC97} : DhcpNameServer = 192.168.15.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [EKIJ5000StatusMonitor] C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE
mRun-x64: [BackupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jusuchin\AppData\Roaming\Mozilla\Firefox\Profiles\6t1qh8qz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://randomc.net/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf5cadb78-86f0-4b25-b36a-0ec68835820c%7D&mid=611f9f5e862647d09880d16f2ade70b0-bf6e22dc7eec45253c3081a3f84b54c684ab4124&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-04-26%2023%3A55%3A25&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\system32\DRIVERS\ctxusbm.sys --> C:\windows\system32\DRIVERS\ctxusbm.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-3 138360]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\windows\system32\DRIVERS\LVUSBS64.sys --> C:\windows\system32\DRIVERS\LVUSBS64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-8 5158992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253088]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\windows\system32\DRIVERS\motfilt.sys --> C:\windows\system32\DRIVERS\motfilt.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\windows\system32\DRIVERS\motccgp.sys --> C:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\windows\system32\DRIVERS\motccgpfl.sys --> C:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\windows\system32\DRIVERS\Motousbnet.sys --> C:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\windows\system32\DRIVERS\motusbdevice.sys --> C:\windows\system32\DRIVERS\motusbdevice.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:29 PM

Posted 06 May 2012 - 10:12 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#4 Jusuchin

Jusuchin
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 07 May 2012 - 08:53 PM

Sorry for late response, was working.

TDSS:

21:44:37.0428 6928 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
21:44:37.0725 6928 ============================================================
21:44:37.0725 6928 Current date / time: 2012/05/07 21:44:37.0725
21:44:37.0725 6928 SystemInfo:
21:44:37.0725 6928
21:44:37.0725 6928 OS Version: 6.1.7601 ServicePack: 1.0
21:44:37.0725 6928 Product type: Workstation
21:44:37.0725 6928 ComputerName: KATERINE
21:44:37.0725 6928 UserName: Jusuchin
21:44:37.0725 6928 Windows directory: C:\windows
21:44:37.0725 6928 System windows directory: C:\windows
21:44:37.0725 6928 Running under WOW64
21:44:37.0725 6928 Processor architecture: Intel x64
21:44:37.0725 6928 Number of processors: 2
21:44:37.0725 6928 Page size: 0x1000
21:44:37.0725 6928 Boot type: Normal boot
21:44:37.0725 6928 ============================================================
21:44:39.0191 6928 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:44:39.0191 6928 Drive \Device\Harddisk1\DR5 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:44:39.0207 6928 Drive \Device\Harddisk1\DR5 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:44:39.0222 6928 ============================================================
21:44:39.0222 6928 \Device\Harddisk0\DR0:
21:44:39.0222 6928 MBR partitions:
21:44:39.0222 6928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2340F800
21:44:39.0222 6928 \Device\Harddisk1\DR5:
21:44:39.0238 6928 MBR partitions:
21:44:39.0238 6928 \Device\Harddisk1\DR5\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385030
21:44:39.0238 6928 \Device\Harddisk1\DR5:
21:44:39.0253 6928 MBR partitions:
21:44:39.0253 6928 \Device\Harddisk1\DR5\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385030
21:44:39.0253 6928 ============================================================
21:44:39.0316 6928 C: <-> \Device\Harddisk0\DR0\Partition0
21:44:39.0425 6928 H: <-> \Device\Harddisk1\DR5\Partition0
21:44:39.0425 6928 ============================================================
21:44:39.0425 6928 Initialize success
21:44:39.0425 6928 ============================================================
21:45:32.0186 7112 ============================================================
21:45:32.0186 7112 Scan started
21:45:32.0186 7112 Mode: Manual;
21:45:32.0186 7112 ============================================================
21:45:33.0122 7112 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
21:45:33.0122 7112 !SASCORE - ok
21:45:33.0730 7112 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
21:45:33.0730 7112 1394ohci - ok
21:45:34.0167 7112 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
21:45:34.0167 7112 ACPI - ok
21:45:34.0261 7112 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
21:45:34.0261 7112 AcpiPmi - ok
21:45:34.0495 7112 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:45:34.0495 7112 AdobeARMservice - ok
21:45:34.0713 7112 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:45:34.0713 7112 AdobeFlashPlayerUpdateSvc - ok
21:45:34.0931 7112 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
21:45:34.0931 7112 adp94xx - ok
21:45:35.0041 7112 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
21:45:35.0041 7112 adpahci - ok
21:45:35.0150 7112 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
21:45:35.0150 7112 adpu320 - ok
21:45:35.0212 7112 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
21:45:35.0212 7112 AeLookupSvc - ok
21:45:35.0368 7112 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
21:45:35.0368 7112 AFD - ok
21:45:35.0618 7112 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
21:45:35.0618 7112 AgereModemAudio - ok
21:45:35.0945 7112 AgereSoftModem (c98356d813b581e9c425b42a5d146ce0) C:\windows\system32\DRIVERS\agrsm64.sys
21:45:35.0961 7112 AgereSoftModem - ok
21:45:36.0070 7112 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
21:45:36.0070 7112 agp440 - ok
21:45:36.0164 7112 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
21:45:36.0164 7112 ALG - ok
21:45:36.0304 7112 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
21:45:36.0304 7112 aliide - ok
21:45:36.0507 7112 AMD External Events Utility (98a2774d3f18c107874c8c1163ebe484) C:\windows\system32\atiesrxx.exe
21:45:36.0507 7112 AMD External Events Utility - ok
21:45:36.0585 7112 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
21:45:36.0585 7112 amdide - ok
21:45:36.0757 7112 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
21:45:36.0757 7112 AmdK8 - ok
21:45:36.0788 7112 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
21:45:36.0803 7112 AmdPPM - ok
21:45:36.0881 7112 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
21:45:36.0881 7112 amdsata - ok
21:45:36.0959 7112 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
21:45:36.0959 7112 amdsbs - ok
21:45:36.0975 7112 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
21:45:36.0975 7112 amdxata - ok
21:45:37.0053 7112 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
21:45:37.0069 7112 AppID - ok
21:45:37.0131 7112 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
21:45:37.0147 7112 AppIDSvc - ok
21:45:37.0225 7112 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
21:45:37.0240 7112 Appinfo - ok
21:45:37.0427 7112 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
21:45:37.0443 7112 arc - ok
21:45:37.0552 7112 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
21:45:37.0552 7112 arcsas - ok
21:45:37.0599 7112 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
21:45:37.0615 7112 AsyncMac - ok
21:45:37.0693 7112 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
21:45:37.0693 7112 atapi - ok
21:45:38.0051 7112 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\windows\system32\DRIVERS\athrx.sys
21:45:38.0083 7112 athr - ok
21:45:38.0956 7112 atikmdag (173f4c05f87085e9bda3f7037bc9f40e) C:\windows\system32\DRIVERS\atikmdag.sys
21:45:39.0003 7112 atikmdag - ok
21:45:39.0253 7112 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\windows\system32\DRIVERS\AtiPcie.sys
21:45:39.0253 7112 AtiPcie - ok
21:45:39.0377 7112 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
21:45:39.0377 7112 AudioEndpointBuilder - ok
21:45:39.0393 7112 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
21:45:39.0393 7112 AudioSrv - ok
21:45:39.0923 7112 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
21:45:39.0955 7112 AVGIDSAgent - ok
21:45:40.0189 7112 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\windows\system32\DRIVERS\avgidsdrivera.sys
21:45:40.0189 7112 AVGIDSDriver - ok
21:45:40.0220 7112 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\windows\system32\DRIVERS\avgidsfiltera.sys
21:45:40.0235 7112 AVGIDSFilter - ok
21:45:40.0251 7112 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\windows\system32\DRIVERS\avgidsha.sys
21:45:40.0251 7112 AVGIDSHA - ok
21:45:40.0313 7112 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\windows\system32\DRIVERS\avgldx64.sys
21:45:40.0313 7112 Avgldx64 - ok
21:45:40.0345 7112 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\windows\system32\DRIVERS\avgmfx64.sys
21:45:40.0345 7112 Avgmfx64 - ok
21:45:40.0407 7112 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\windows\system32\DRIVERS\avgrkx64.sys
21:45:40.0407 7112 Avgrkx64 - ok
21:45:40.0469 7112 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\windows\system32\DRIVERS\avgtdia.sys
21:45:40.0469 7112 Avgtdia - ok
21:45:40.0610 7112 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
21:45:40.0610 7112 avgwd - ok
21:45:40.0672 7112 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
21:45:40.0672 7112 AxInstSV - ok
21:45:40.0766 7112 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
21:45:40.0781 7112 b06bdrv - ok
21:45:40.0859 7112 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
21:45:40.0875 7112 b57nd60a - ok
21:45:40.0953 7112 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
21:45:40.0953 7112 BDESVC - ok
21:45:40.0969 7112 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
21:45:40.0969 7112 Beep - ok
21:45:41.0078 7112 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
21:45:41.0093 7112 BITS - ok
21:45:41.0140 7112 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
21:45:41.0156 7112 blbdrive - ok
21:45:41.0218 7112 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
21:45:41.0234 7112 bowser - ok
21:45:41.0265 7112 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
21:45:41.0281 7112 BrFiltLo - ok
21:45:41.0281 7112 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
21:45:41.0296 7112 BrFiltUp - ok
21:45:41.0359 7112 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
21:45:41.0359 7112 Browser - ok
21:45:41.0437 7112 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
21:45:41.0437 7112 Brserid - ok
21:45:41.0468 7112 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
21:45:41.0468 7112 BrSerWdm - ok
21:45:41.0483 7112 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
21:45:41.0483 7112 BrUsbMdm - ok
21:45:41.0499 7112 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
21:45:41.0515 7112 BrUsbSer - ok
21:45:41.0561 7112 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\windows\system32\DRIVERS\motfilt.sys
21:45:41.0561 7112 BTCFilterService - ok
21:45:41.0593 7112 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
21:45:41.0593 7112 BTHMODEM - ok
21:45:41.0655 7112 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
21:45:41.0671 7112 bthserv - ok
21:45:41.0811 7112 ccEvtMgr (399a7df138d2110a3eb9bd64d6327f62) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
21:45:41.0827 7112 ccEvtMgr - ok
21:45:41.0827 7112 ccSetMgr (399a7df138d2110a3eb9bd64d6327f62) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
21:45:41.0827 7112 ccSetMgr - ok
21:45:41.0873 7112 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
21:45:41.0873 7112 cdfs - ok
21:45:41.0951 7112 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
21:45:41.0967 7112 cdrom - ok
21:45:42.0014 7112 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
21:45:42.0014 7112 CertPropSvc - ok
21:45:42.0170 7112 cfWiMAXService (837ff2d497880198c918e6954dbd170c) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
21:45:42.0170 7112 cfWiMAXService - ok
21:45:42.0248 7112 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
21:45:42.0248 7112 circlass - ok
21:45:42.0310 7112 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
21:45:42.0310 7112 CLFS - ok
21:45:42.0419 7112 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:45:42.0419 7112 clr_optimization_v2.0.50727_32 - ok
21:45:42.0466 7112 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:45:42.0466 7112 clr_optimization_v2.0.50727_64 - ok
21:45:42.0607 7112 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:45:42.0607 7112 clr_optimization_v4.0.30319_32 - ok
21:45:42.0653 7112 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:45:42.0653 7112 clr_optimization_v4.0.30319_64 - ok
21:45:42.0716 7112 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
21:45:42.0716 7112 CmBatt - ok
21:45:42.0763 7112 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
21:45:42.0763 7112 cmdide - ok
21:45:42.0841 7112 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
21:45:42.0841 7112 CNG - ok
21:45:42.0887 7112 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
21:45:42.0887 7112 Compbatt - ok
21:45:42.0950 7112 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
21:45:42.0965 7112 CompositeBus - ok
21:45:42.0981 7112 COMSysApp - ok
21:45:43.0106 7112 ConfigFree Gadget Service (d252c53bcdfc199bba55eeb10cdb266e) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
21:45:43.0106 7112 ConfigFree Gadget Service - ok
21:45:43.0153 7112 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
21:45:43.0153 7112 ConfigFree Service - ok
21:45:43.0199 7112 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
21:45:43.0199 7112 crcdisk - ok
21:45:43.0277 7112 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
21:45:43.0293 7112 CryptSvc - ok
21:45:43.0387 7112 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\windows\system32\DRIVERS\ctxusbm.sys
21:45:43.0387 7112 ctxusbm - ok
21:45:43.0480 7112 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
21:45:43.0496 7112 DcomLaunch - ok
21:45:43.0574 7112 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
21:45:43.0574 7112 defragsvc - ok
21:45:43.0636 7112 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
21:45:43.0636 7112 DfsC - ok
21:45:43.0730 7112 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
21:45:43.0745 7112 Dhcp - ok
21:45:43.0777 7112 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
21:45:43.0777 7112 discache - ok
21:45:43.0823 7112 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
21:45:43.0823 7112 Disk - ok
21:45:43.0901 7112 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
21:45:43.0901 7112 Dnscache - ok
21:45:43.0948 7112 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
21:45:43.0948 7112 dot3svc - ok
21:45:44.0011 7112 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
21:45:44.0011 7112 DPS - ok
21:45:44.0073 7112 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
21:45:44.0073 7112 drmkaud - ok
21:45:44.0447 7112 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
21:45:44.0447 7112 DXGKrnl - ok
21:45:44.0525 7112 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
21:45:44.0525 7112 EapHost - ok
21:45:44.0869 7112 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
21:45:44.0884 7112 ebdrv - ok
21:45:45.0087 7112 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:45:45.0087 7112 eeCtrl - ok
21:45:45.0259 7112 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
21:45:45.0259 7112 EFS - ok
21:45:45.0399 7112 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
21:45:45.0415 7112 ehRecvr - ok
21:45:45.0461 7112 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
21:45:45.0461 7112 ehSched - ok
21:45:45.0602 7112 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
21:45:45.0617 7112 elxstor - ok
21:45:45.0789 7112 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:45:45.0789 7112 EraserUtilRebootDrv - ok
21:45:45.0820 7112 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
21:45:45.0820 7112 ErrDev - ok
21:45:45.0898 7112 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
21:45:45.0898 7112 EventSystem - ok
21:45:45.0961 7112 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
21:45:45.0961 7112 exfat - ok
21:45:45.0992 7112 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
21:45:45.0992 7112 fastfat - ok
21:45:46.0117 7112 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
21:45:46.0117 7112 Fax - ok
21:45:46.0163 7112 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
21:45:46.0163 7112 fdc - ok
21:45:46.0226 7112 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
21:45:46.0226 7112 fdPHost - ok
21:45:46.0241 7112 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
21:45:46.0257 7112 FDResPub - ok
21:45:46.0273 7112 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
21:45:46.0273 7112 FileInfo - ok
21:45:46.0288 7112 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
21:45:46.0288 7112 Filetrace - ok
21:45:46.0335 7112 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
21:45:46.0351 7112 flpydisk - ok
21:45:46.0413 7112 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
21:45:46.0413 7112 FltMgr - ok
21:45:46.0585 7112 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
21:45:46.0600 7112 FontCache - ok
21:45:46.0678 7112 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:45:46.0678 7112 FontCache3.0.0.0 - ok
21:45:46.0772 7112 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
21:45:46.0772 7112 FsDepends - ok
21:45:46.0819 7112 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
21:45:46.0819 7112 Fs_Rec - ok
21:45:46.0897 7112 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
21:45:46.0897 7112 fvevol - ok
21:45:46.0975 7112 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
21:45:46.0975 7112 FwLnk - ok
21:45:47.0021 7112 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
21:45:47.0037 7112 gagp30kx - ok
21:45:47.0193 7112 GameConsoleService (4fbccbdd99a75c9efbc90392cf32af61) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
21:45:47.0193 7112 GameConsoleService - ok
21:45:47.0302 7112 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
21:45:47.0318 7112 gpsvc - ok
21:45:47.0443 7112 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:45:47.0443 7112 gupdate - ok
21:45:47.0458 7112 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:45:47.0458 7112 gupdatem - ok
21:45:47.0536 7112 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:45:47.0536 7112 gusvc - ok
21:45:47.0630 7112 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
21:45:47.0630 7112 hcw85cir - ok
21:45:47.0755 7112 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
21:45:47.0770 7112 HdAudAddService - ok
21:45:47.0801 7112 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
21:45:47.0801 7112 HDAudBus - ok
21:45:47.0848 7112 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
21:45:47.0848 7112 HidBatt - ok
21:45:47.0879 7112 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
21:45:47.0879 7112 HidBth - ok
21:45:47.0895 7112 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
21:45:47.0895 7112 HidIr - ok
21:45:47.0942 7112 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
21:45:47.0942 7112 hidserv - ok
21:45:48.0004 7112 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
21:45:48.0020 7112 HidUsb - ok
21:45:48.0082 7112 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
21:45:48.0082 7112 hkmsvc - ok
21:45:48.0145 7112 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
21:45:48.0160 7112 HomeGroupListener - ok
21:45:48.0223 7112 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
21:45:48.0223 7112 HomeGroupProvider - ok
21:45:48.0285 7112 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
21:45:48.0285 7112 HpSAMD - ok
21:45:48.0410 7112 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
21:45:48.0425 7112 HTTP - ok
21:45:48.0472 7112 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
21:45:48.0472 7112 hwpolicy - ok
21:45:48.0519 7112 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
21:45:48.0535 7112 i8042prt - ok
21:45:48.0628 7112 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
21:45:48.0644 7112 iaStorV - ok
21:45:48.0800 7112 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:45:48.0815 7112 idsvc - ok
21:45:48.0878 7112 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
21:45:48.0878 7112 iirsp - ok
21:45:49.0018 7112 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
21:45:49.0018 7112 IKEEXT - ok
21:45:49.0205 7112 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\windows\system32\drivers\RTKVHD64.sys
21:45:49.0221 7112 IntcAzAudAddService - ok
21:45:49.0455 7112 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
21:45:49.0455 7112 intelide - ok
21:45:49.0517 7112 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
21:45:49.0517 7112 intelppm - ok
21:45:49.0580 7112 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
21:45:49.0580 7112 IPBusEnum - ok
21:45:49.0642 7112 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
21:45:49.0642 7112 IpFilterDriver - ok
21:45:49.0689 7112 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
21:45:49.0689 7112 IPMIDRV - ok
21:45:49.0767 7112 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
21:45:49.0767 7112 IPNAT - ok
21:45:49.0798 7112 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
21:45:49.0798 7112 IRENUM - ok
21:45:49.0845 7112 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
21:45:49.0845 7112 isapnp - ok
21:45:49.0892 7112 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
21:45:49.0892 7112 iScsiPrt - ok
21:45:50.0017 7112 ISODrive (9c6f3f69163133fb8e56ac4a6e163452) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
21:45:50.0017 7112 ISODrive - ok
21:45:50.0079 7112 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
21:45:50.0079 7112 kbdclass - ok
21:45:50.0126 7112 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
21:45:50.0141 7112 kbdhid - ok
21:45:50.0173 7112 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:45:50.0188 7112 KeyIso - ok
21:45:50.0313 7112 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
21:45:50.0329 7112 Kodak AiO Network Discovery Service - ok
21:45:50.0360 7112 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
21:45:50.0375 7112 KSecDD - ok
21:45:50.0391 7112 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
21:45:50.0391 7112 KSecPkg - ok
21:45:50.0453 7112 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
21:45:50.0453 7112 ksthunk - ok
21:45:50.0531 7112 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
21:45:50.0547 7112 KtmRm - ok
21:45:50.0625 7112 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
21:45:50.0625 7112 LanmanServer - ok
21:45:50.0687 7112 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
21:45:50.0703 7112 LanmanWorkstation - ok
21:45:51.0140 7112 LiveUpdate (f3fe36dde7f59b7d4f9581c920670198) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
21:45:51.0155 7112 LiveUpdate - ok
21:45:51.0452 7112 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
21:45:51.0452 7112 lltdio - ok
21:45:51.0545 7112 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
21:45:51.0561 7112 lltdsvc - ok
21:45:51.0577 7112 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
21:45:51.0577 7112 lmhosts - ok
21:45:51.0639 7112 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
21:45:51.0639 7112 LSI_FC - ok
21:45:51.0670 7112 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
21:45:51.0670 7112 LSI_SAS - ok
21:45:51.0701 7112 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
21:45:51.0701 7112 LSI_SAS2 - ok
21:45:51.0748 7112 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
21:45:51.0748 7112 LSI_SCSI - ok
21:45:51.0826 7112 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
21:45:51.0826 7112 luafv - ok
21:45:51.0889 7112 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\windows\system32\DRIVERS\LVUSBS64.sys
21:45:51.0889 7112 LVUSBS64 - ok
21:45:51.0951 7112 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
21:45:51.0951 7112 Mcx2Svc - ok
21:45:51.0982 7112 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
21:45:51.0982 7112 megasas - ok
21:45:52.0060 7112 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
21:45:52.0060 7112 MegaSR - ok
21:45:52.0216 7112 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
21:45:52.0216 7112 Microsoft Office Groove Audit Service - ok
21:45:52.0263 7112 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
21:45:52.0263 7112 MMCSS - ok
21:45:52.0279 7112 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
21:45:52.0294 7112 Modem - ok
21:45:52.0357 7112 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
21:45:52.0357 7112 monitor - ok
21:45:52.0419 7112 motccgp (338ba6b7170111edc2e43b5b4eaf17df) C:\windows\system32\DRIVERS\motccgp.sys
21:45:52.0419 7112 motccgp - ok
21:45:52.0435 7112 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\windows\system32\DRIVERS\motccgpfl.sys
21:45:52.0435 7112 motccgpfl - ok
21:45:52.0481 7112 motmodem (e90aba3c6f01be2c456c4aa857b28646) C:\windows\system32\DRIVERS\motmodem.sys
21:45:52.0481 7112 motmodem - ok
21:45:52.0544 7112 MotoConnect Service (be72f68c3e898c6c7dd61afdf28769dd) C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
21:45:52.0544 7112 MotoConnect Service - ok
21:45:52.0591 7112 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\windows\system32\DRIVERS\motswch.sys
21:45:52.0591 7112 MotoSwitchService - ok
21:45:52.0653 7112 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\windows\system32\DRIVERS\Motousbnet.sys
21:45:52.0653 7112 Motousbnet - ok
21:45:52.0715 7112 motusbdevice (307727f9829fb46ff4be0e4d1dac5002) C:\windows\system32\DRIVERS\motusbdevice.sys
21:45:52.0715 7112 motusbdevice - ok
21:45:52.0778 7112 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
21:45:52.0778 7112 mouclass - ok
21:45:52.0840 7112 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
21:45:52.0840 7112 mouhid - ok
21:45:52.0887 7112 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
21:45:52.0903 7112 mountmgr - ok
21:45:52.0965 7112 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:45:52.0965 7112 MozillaMaintenance - ok
21:45:53.0043 7112 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
21:45:53.0043 7112 mpio - ok
21:45:53.0090 7112 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
21:45:53.0090 7112 mpsdrv - ok
21:45:53.0152 7112 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
21:45:53.0152 7112 MRxDAV - ok
21:45:53.0199 7112 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
21:45:53.0199 7112 mrxsmb - ok
21:45:53.0261 7112 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
21:45:53.0261 7112 mrxsmb10 - ok
21:45:53.0293 7112 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
21:45:53.0293 7112 mrxsmb20 - ok
21:45:53.0339 7112 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
21:45:53.0339 7112 msahci - ok
21:45:53.0371 7112 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
21:45:53.0371 7112 msdsm - ok
21:45:53.0417 7112 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
21:45:53.0417 7112 MSDTC - ok
21:45:53.0464 7112 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
21:45:53.0464 7112 Msfs - ok
21:45:53.0495 7112 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
21:45:53.0495 7112 mshidkmdf - ok
21:45:53.0527 7112 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
21:45:53.0527 7112 msisadrv - ok
21:45:53.0573 7112 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
21:45:53.0573 7112 MSiSCSI - ok
21:45:53.0589 7112 msiserver - ok
21:45:53.0636 7112 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
21:45:53.0651 7112 MSKSSRV - ok
21:45:53.0667 7112 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
21:45:53.0667 7112 MSPCLOCK - ok
21:45:53.0683 7112 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
21:45:53.0683 7112 MSPQM - ok
21:45:53.0761 7112 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
21:45:53.0761 7112 MsRPC - ok
21:45:53.0807 7112 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
21:45:53.0807 7112 mssmbios - ok
21:45:53.0870 7112 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
21:45:53.0870 7112 MSTEE - ok
21:45:53.0885 7112 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
21:45:53.0885 7112 MTConfig - ok
21:45:53.0963 7112 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
21:45:53.0963 7112 Mup - ok
21:45:54.0041 7112 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
21:45:54.0057 7112 napagent - ok
21:45:54.0151 7112 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
21:45:54.0151 7112 NativeWifiP - ok
21:45:54.0369 7112 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120507.022\ENG64.SYS
21:45:54.0369 7112 NAVENG - ok
21:45:54.0587 7112 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120507.022\EX64.SYS
21:45:54.0587 7112 NAVEX15 - ok
21:45:54.0915 7112 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
21:45:54.0915 7112 NDIS - ok
21:45:54.0962 7112 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
21:45:54.0962 7112 NdisCap - ok
21:45:55.0024 7112 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
21:45:55.0024 7112 NdisTapi - ok
21:45:55.0071 7112 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
21:45:55.0071 7112 Ndisuio - ok
21:45:55.0133 7112 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
21:45:55.0133 7112 NdisWan - ok
21:45:55.0180 7112 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
21:45:55.0196 7112 NDProxy - ok
21:45:55.0243 7112 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
21:45:55.0243 7112 NetBIOS - ok
21:45:55.0305 7112 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
21:45:55.0321 7112 NetBT - ok
21:45:55.0352 7112 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:45:55.0367 7112 Netlogon - ok
21:45:55.0430 7112 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
21:45:55.0445 7112 Netman - ok
21:45:55.0492 7112 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
21:45:55.0492 7112 netprofm - ok
21:45:55.0601 7112 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:45:55.0601 7112 NetTcpPortSharing - ok
21:45:55.0664 7112 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
21:45:55.0664 7112 nfrd960 - ok
21:45:55.0757 7112 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
21:45:55.0757 7112 NlaSvc - ok
21:45:55.0804 7112 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
21:45:55.0820 7112 Npfs - ok
21:45:55.0851 7112 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
21:45:55.0851 7112 nsi - ok
21:45:55.0867 7112 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
21:45:55.0882 7112 nsiproxy - ok
21:45:56.0023 7112 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
21:45:56.0038 7112 Ntfs - ok
21:45:56.0147 7112 NTI BackupNowEZSvr (07953351a3424baa50fc5c4a1434fb04) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
21:45:56.0147 7112 NTI BackupNowEZSvr - ok
21:45:56.0381 7112 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\windows\system32\drivers\NTIDrvr.sys
21:45:56.0381 7112 NTIDrvr - ok
21:45:56.0428 7112 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
21:45:56.0428 7112 Null - ok
21:45:56.0475 7112 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
21:45:56.0475 7112 nvraid - ok
21:45:56.0506 7112 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
21:45:56.0506 7112 nvstor - ok
21:45:56.0569 7112 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
21:45:56.0584 7112 nv_agp - ok
21:45:56.0756 7112 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:45:56.0771 7112 odserv - ok
21:45:56.0818 7112 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
21:45:56.0818 7112 ohci1394 - ok
21:45:56.0896 7112 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:45:56.0912 7112 ose - ok
21:45:57.0005 7112 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
21:45:57.0021 7112 p2pimsvc - ok
21:45:57.0068 7112 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
21:45:57.0068 7112 p2psvc - ok
21:45:57.0115 7112 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
21:45:57.0115 7112 Parport - ok
21:45:57.0161 7112 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
21:45:57.0161 7112 partmgr - ok
21:45:57.0208 7112 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
21:45:57.0224 7112 PcaSvc - ok
21:45:57.0271 7112 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
21:45:57.0271 7112 pci - ok
21:45:57.0286 7112 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
21:45:57.0286 7112 pciide - ok
21:45:57.0349 7112 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
21:45:57.0364 7112 pcmcia - ok
21:45:57.0380 7112 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
21:45:57.0380 7112 pcw - ok
21:45:57.0458 7112 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
21:45:57.0458 7112 PEAUTH - ok
21:45:57.0598 7112 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
21:45:57.0598 7112 PerfHost - ok
21:45:57.0676 7112 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
21:45:57.0676 7112 PGEffect - ok
21:45:57.0973 7112 PID_PEPI (087a343dfc337f37723dd7912de6b6cd) C:\windows\system32\DRIVERS\LV302V64.SYS
21:45:57.0988 7112 PID_PEPI - ok
21:45:58.0253 7112 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
21:45:58.0269 7112 pla - ok
21:45:58.0331 7112 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
21:45:58.0331 7112 PlugPlay - ok
21:45:58.0363 7112 PnkBstrA - ok
21:45:58.0363 7112 PnkBstrB - ok
21:45:58.0425 7112 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
21:45:58.0425 7112 PNRPAutoReg - ok
21:45:58.0472 7112 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
21:45:58.0472 7112 PNRPsvc - ok
21:45:58.0550 7112 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
21:45:58.0565 7112 PolicyAgent - ok
21:45:58.0612 7112 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
21:45:58.0612 7112 Power - ok
21:45:58.0706 7112 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
21:45:58.0706 7112 PptpMiniport - ok
21:45:58.0753 7112 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
21:45:58.0753 7112 Processor - ok
21:45:58.0831 7112 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
21:45:58.0831 7112 ProfSvc - ok
21:45:58.0877 7112 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:45:58.0893 7112 ProtectedStorage - ok
21:45:58.0955 7112 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
21:45:58.0955 7112 Psched - ok
21:45:59.0096 7112 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
21:45:59.0111 7112 ql2300 - ok
21:45:59.0345 7112 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
21:45:59.0345 7112 ql40xx - ok
21:45:59.0408 7112 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
21:45:59.0408 7112 QWAVE - ok
21:45:59.0423 7112 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
21:45:59.0439 7112 QWAVEdrv - ok
21:45:59.0455 7112 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
21:45:59.0455 7112 RasAcd - ok
21:45:59.0517 7112 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
21:45:59.0517 7112 RasAgileVpn - ok
21:45:59.0564 7112 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
21:45:59.0579 7112 RasAuto - ok
21:45:59.0642 7112 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
21:45:59.0642 7112 Rasl2tp - ok
21:45:59.0720 7112 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
21:45:59.0720 7112 RasMan - ok
21:45:59.0782 7112 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
21:45:59.0782 7112 RasPppoe - ok
21:45:59.0798 7112 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
21:45:59.0798 7112 RasSstp - ok
21:45:59.0860 7112 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
21:45:59.0860 7112 rdbss - ok
21:45:59.0891 7112 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
21:45:59.0891 7112 rdpbus - ok
21:45:59.0907 7112 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
21:45:59.0907 7112 RDPCDD - ok
21:45:59.0938 7112 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
21:45:59.0938 7112 RDPENCDD - ok
21:45:59.0954 7112 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
21:45:59.0954 7112 RDPREFMP - ok
21:46:00.0016 7112 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
21:46:00.0016 7112 RDPWD - ok
21:46:00.0094 7112 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
21:46:00.0110 7112 rdyboost - ok
21:46:00.0157 7112 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
21:46:00.0157 7112 RemoteAccess - ok
21:46:00.0219 7112 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
21:46:00.0235 7112 RemoteRegistry - ok
21:46:00.0250 7112 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
21:46:00.0250 7112 RpcEptMapper - ok
21:46:00.0297 7112 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
21:46:00.0297 7112 RpcLocator - ok
21:46:00.0391 7112 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
21:46:00.0391 7112 RpcSs - ok
21:46:00.0484 7112 RSELSVC - ok
21:46:00.0562 7112 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
21:46:00.0562 7112 rspndr - ok
21:46:00.0656 7112 RSUSBSTOR (8c22f21c924413d4e109995f748e18bb) C:\windows\system32\Drivers\RtsUStor.sys
21:46:00.0656 7112 RSUSBSTOR - ok
21:46:00.0734 7112 RTHDMIAzAudService (7421a35c45484b95e83b5e9e107cefc2) C:\windows\system32\drivers\RtHDMIVX.sys
21:46:00.0734 7112 RTHDMIAzAudService - ok
21:46:00.0843 7112 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys
21:46:00.0859 7112 RTL8167 - ok
21:46:00.0983 7112 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\windows\system32\DRIVERS\rtl8192se.sys
21:46:00.0999 7112 rtl8192se - ok
21:46:01.0015 7112 RtsUIR - ok
21:46:01.0077 7112 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:46:01.0077 7112 SamSs - ok
21:46:01.0202 7112 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:46:01.0202 7112 SASDIFSV - ok
21:46:01.0249 7112 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:46:01.0249 7112 SASKUTIL - ok
21:46:01.0311 7112 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
21:46:01.0311 7112 sbp2port - ok
21:46:01.0607 7112 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
21:46:01.0607 7112 SBSDWSCService - ok
21:46:01.0670 7112 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
21:46:01.0670 7112 SCardSvr - ok
21:46:01.0748 7112 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
21:46:01.0748 7112 scfilter - ok
21:46:01.0904 7112 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
21:46:01.0919 7112 Schedule - ok
21:46:01.0966 7112 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
21:46:01.0966 7112 SCPolicySvc - ok
21:46:02.0013 7112 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
21:46:02.0013 7112 SDRSVC - ok
21:46:02.0107 7112 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
21:46:02.0122 7112 secdrv - ok
21:46:02.0185 7112 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
21:46:02.0200 7112 seclogon - ok
21:46:02.0247 7112 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
21:46:02.0247 7112 SENS - ok
21:46:02.0278 7112 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
21:46:02.0278 7112 SensrSvc - ok
21:46:02.0341 7112 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
21:46:02.0341 7112 Serenum - ok
21:46:02.0356 7112 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
21:46:02.0356 7112 Serial - ok
21:46:02.0419 7112 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
21:46:02.0419 7112 sermouse - ok
21:46:02.0497 7112 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
21:46:02.0497 7112 SessionEnv - ok
21:46:02.0543 7112 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
21:46:02.0543 7112 sffdisk - ok
21:46:02.0559 7112 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
21:46:02.0575 7112 sffp_mmc - ok
21:46:02.0590 7112 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
21:46:02.0590 7112 sffp_sd - ok
21:46:02.0637 7112 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
21:46:02.0637 7112 sfloppy - ok
21:46:02.0731 7112 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
21:46:02.0731 7112 SharedAccess - ok
21:46:02.0793 7112 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
21:46:02.0809 7112 ShellHWDetection - ok
21:46:02.0840 7112 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
21:46:02.0840 7112 SiSRaid2 - ok
21:46:02.0871 7112 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
21:46:02.0871 7112 SiSRaid4 - ok
21:46:02.0980 7112 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:46:02.0980 7112 SkypeUpdate - ok
21:46:03.0011 7112 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
21:46:03.0011 7112 Smb - ok
21:46:03.0401 7112 SmcService (4f7bfe128cbaa98966112a80628fa5ff) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
21:46:03.0433 7112 SmcService - ok
21:46:03.0604 7112 SNAC (51775446c5ffbdf10848f450301318ea) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
21:46:03.0604 7112 SNAC - ok
21:46:03.0838 7112 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
21:46:03.0838 7112 SNMPTRAP - ok
21:46:03.0932 7112 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
21:46:03.0932 7112 spldr - ok
21:46:04.0041 7112 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
21:46:04.0041 7112 Spooler - ok
21:46:04.0400 7112 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
21:46:04.0415 7112 sppsvc - ok
21:46:04.0587 7112 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
21:46:04.0587 7112 sppuinotify - ok
21:46:04.0727 7112 SRTSP (c0691f43ea87761b67df6384cfc30b8d) C:\windows\system32\Drivers\SRTSP64.SYS
21:46:04.0727 7112 SRTSP - ok
21:46:04.0790 7112 SRTSPL (b0304f6120848db7d7709843e2294705) C:\windows\system32\Drivers\SRTSPL64.SYS
21:46:04.0790 7112 SRTSPL - ok
21:46:04.0805 7112 SRTSPX (165fde7386d792efac992eea34d03bc1) C:\windows\system32\Drivers\SRTSPX64.SYS
21:46:04.0805 7112 SRTSPX - ok
21:46:04.0868 7112 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
21:46:04.0868 7112 srv - ok
21:46:04.0915 7112 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
21:46:04.0915 7112 srv2 - ok
21:46:04.0930 7112 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
21:46:04.0930 7112 srvnet - ok
21:46:05.0008 7112 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
21:46:05.0008 7112 SSDPSRV - ok
21:46:05.0039 7112 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
21:46:05.0055 7112 SstpSvc - ok
21:46:05.0133 7112 Steam Client Service - ok
21:46:05.0164 7112 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
21:46:05.0180 7112 stexstor - ok
21:46:05.0289 7112 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
21:46:05.0305 7112 stisvc - ok
21:46:05.0351 7112 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
21:46:05.0351 7112 swenum - ok
21:46:05.0414 7112 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
21:46:05.0429 7112 swprv - ok
21:46:05.0679 7112 Symantec AntiVirus (96900995907415fb4a8a18d97b3aa4a3) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
21:46:05.0695 7112 Symantec AntiVirus - ok
21:46:05.0944 7112 SymEvent (d1f1a5e72e33d6be449f5f1f4a513dd1) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
21:46:05.0944 7112 SymEvent - ok
21:46:06.0022 7112 SynTP (be7311da9d6833fa69ed04b744a1c8f8) C:\windows\system32\DRIVERS\SynTP.sys
21:46:06.0022 7112 SynTP - ok
21:46:06.0194 7112 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
21:46:06.0225 7112 SysMain - ok
21:46:06.0397 7112 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
21:46:06.0397 7112 TabletInputService - ok
21:46:06.0475 7112 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
21:46:06.0490 7112 TapiSrv - ok
21:46:06.0521 7112 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
21:46:06.0521 7112 TBS - ok
21:46:06.0802 7112 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
21:46:06.0818 7112 Tcpip - ok
21:46:07.0208 7112 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
21:46:07.0223 7112 TCPIP6 - ok
21:46:07.0457 7112 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
21:46:07.0457 7112 tcpipreg - ok
21:46:07.0520 7112 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
21:46:07.0520 7112 tdcmdpst - ok
21:46:07.0567 7112 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
21:46:07.0567 7112 TDPIPE - ok
21:46:07.0613 7112 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
21:46:07.0629 7112 TDTCP - ok
21:46:07.0676 7112 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
21:46:07.0691 7112 tdx - ok
21:46:07.0738 7112 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
21:46:07.0738 7112 TermDD - ok
21:46:07.0816 7112 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
21:46:07.0832 7112 TermService - ok
21:46:07.0863 7112 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
21:46:07.0863 7112 Themes - ok
21:46:07.0910 7112 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
21:46:07.0910 7112 THREADORDER - ok
21:46:08.0050 7112 TMachInfo (32577b987ae5401038451bb392cb8d89) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
21:46:08.0050 7112 TMachInfo - ok
21:46:08.0128 7112 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
21:46:08.0128 7112 TODDSrv - ok
21:46:08.0269 7112 TosCoSrv (06c61275adc64f1e36240a2287998a5e) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
21:46:08.0284 7112 TosCoSrv - ok
21:46:08.0331 7112 TOSHIBA eco Utility Service (32ff64d06a91daa0331c624aff442679) C:\Program Files\TOSHIBA\TECO\TecoService.exe
21:46:08.0347 7112 TOSHIBA eco Utility Service - ok
21:46:08.0440 7112 TOSHIBA HDD SSD Alert Service (dd58e1250f604cbbadda04575e5e2376) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
21:46:08.0440 7112 TOSHIBA HDD SSD Alert Service - ok
21:46:08.0612 7112 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
21:46:08.0612 7112 tos_sps64 - ok
21:46:08.0752 7112 TPCHSrv (de64c52bd0671165cf2eebf2a728a3e2) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
21:46:08.0768 7112 TPCHSrv - ok
21:46:08.0939 7112 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
21:46:08.0955 7112 TrkWks - ok
21:46:09.0049 7112 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
21:46:09.0064 7112 TrustedInstaller - ok
21:46:09.0127 7112 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
21:46:09.0127 7112 tssecsrv - ok
21:46:09.0189 7112 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
21:46:09.0189 7112 TsUsbFlt - ok
21:46:09.0267 7112 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
21:46:09.0267 7112 tunnel - ok
21:46:09.0314 7112 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
21:46:09.0329 7112 TVALZ - ok
21:46:09.0376 7112 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
21:46:09.0392 7112 TVALZFL - ok
21:46:09.0439 7112 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
21:46:09.0439 7112 uagp35 - ok
21:46:09.0501 7112 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\windows\system32\drivers\UBHelper.sys
21:46:09.0501 7112 UBHelper - ok
21:46:09.0579 7112 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
21:46:09.0579 7112 udfs - ok
21:46:09.0641 7112 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
21:46:09.0641 7112 UI0Detect - ok
21:46:09.0719 7112 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
21:46:09.0719 7112 uliagpkx - ok
21:46:09.0751 7112 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
21:46:09.0751 7112 umbus - ok
21:46:09.0797 7112 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
21:46:09.0797 7112 UmPass - ok
21:46:09.0875 7112 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
21:46:09.0875 7112 upnphost - ok
21:46:09.0922 7112 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
21:46:09.0938 7112 usbaudio - ok
21:46:10.0000 7112 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
21:46:10.0000 7112 usbccgp - ok
21:46:10.0016 7112 USBCCID - ok
21:46:10.0078 7112 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
21:46:10.0094 7112 usbcir - ok
21:46:10.0125 7112 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
21:46:10.0125 7112 usbehci - ok
21:46:10.0187 7112 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
21:46:10.0203 7112 usbhub - ok
21:46:10.0219 7112 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
21:46:10.0219 7112 usbohci - ok
21:46:10.0281 7112 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
21:46:10.0281 7112 usbprint - ok
21:46:10.0343 7112 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
21:46:10.0343 7112 usbscan - ok
21:46:10.0406 7112 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:46:10.0406 7112 USBSTOR - ok
21:46:10.0437 7112 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
21:46:10.0437 7112 usbuhci - ok
21:46:10.0531 7112 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
21:46:10.0531 7112 usbvideo - ok
21:46:10.0593 7112 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
21:46:10.0593 7112 UxSms - ok
21:46:10.0640 7112 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:46:10.0640 7112 VaultSvc - ok
21:46:10.0718 7112 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
21:46:10.0718 7112 vdrvroot - ok
21:46:10.0811 7112 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
21:46:10.0827 7112 vds - ok
21:46:10.0905 7112 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
21:46:10.0905 7112 vga - ok
21:46:10.0936 7112 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
21:46:10.0936 7112 VgaSave - ok
21:46:10.0983 7112 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
21:46:10.0999 7112 vhdmp - ok
21:46:11.0014 7112 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
21:46:11.0014 7112 viaide - ok
21:46:11.0030 7112 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
21:46:11.0030 7112 volmgr - ok
21:46:11.0108 7112 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
21:46:11.0123 7112 volmgrx - ok
21:46:11.0186 7112 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
21:46:11.0201 7112 volsnap - ok
21:46:11.0248 7112 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
21:46:11.0248 7112 vsmraid - ok
21:46:11.0420 7112 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
21:46:11.0435 7112 VSS - ok
21:46:11.0638 7112 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
21:46:11.0654 7112 vToolbarUpdater11.0.2 - ok
21:46:11.0888 7112 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
21:46:11.0888 7112 vwifibus - ok
21:46:11.0919 7112 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
21:46:11.0919 7112 vwififlt - ok
21:46:11.0997 7112 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
21:46:12.0013 7112 W32Time - ok
21:46:12.0044 7112 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
21:46:12.0044 7112 WacomPen - ok
21:46:12.0122 7112 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:46:12.0122 7112 WANARP - ok
21:46:12.0122 7112 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:46:12.0137 7112 Wanarpv6 - ok
21:46:12.0293 7112 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
21:46:12.0309 7112 WatAdminSvc - ok
21:46:12.0449 7112 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
21:46:12.0449 7112 wbengine - ok
21:46:12.0652 7112 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
21:46:12.0652 7112 WbioSrvc - ok
21:46:12.0730 7112 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
21:46:12.0730 7112 wcncsvc - ok
21:46:12.0777 7112 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
21:46:12.0777 7112 WcsPlugInService - ok
21:46:12.0871 7112 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
21:46:12.0871 7112 Wd - ok
21:46:12.0949 7112 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
21:46:12.0949 7112 Wdf01000 - ok
21:46:12.0964 7112 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
21:46:12.0964 7112 WdiServiceHost - ok
21:46:12.0964 7112 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
21:46:12.0980 7112 WdiSystemHost - ok
21:46:13.0042 7112 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
21:46:13.0042 7112 WebClient - ok
21:46:13.0105 7112 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
21:46:13.0120 7112 Wecsvc - ok
21:46:13.0136 7112 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
21:46:13.0136 7112 wercplsupport - ok
21:46:13.0198 7112 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
21:46:13.0198 7112 WerSvc - ok
21:46:13.0307 7112 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
21:46:13.0307 7112 WfpLwf - ok
21:46:13.0339 7112 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
21:46:13.0339 7112 WIMMount - ok
21:46:13.0354 7112 WinHttpAutoProxySvc - ok
21:46:13.0463 7112 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
21:46:13.0463 7112 Winmgmt - ok
21:46:13.0682 7112 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
21:46:13.0697 7112 WinRM - ok
21:46:13.0963 7112 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
21:46:13.0963 7112 WinUsb - ok
21:46:14.0087 7112 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
21:46:14.0103 7112 Wlansvc - ok
21:46:14.0165 7112 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
21:46:14.0165 7112 WmiAcpi - ok
21:46:14.0275 7112 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
21:46:14.0275 7112 wmiApSrv - ok
21:46:14.0337 7112 WMPNetworkSvc - ok
21:46:14.0384 7112 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
21:46:14.0384 7112 WPCSvc - ok
21:46:14.0446 7112 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
21:46:14.0446 7112 WPDBusEnum - ok
21:46:14.0493 7112 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
21:46:14.0493 7112 ws2ifsl - ok
21:46:14.0493 7112 WSearch - ok
21:46:14.0711 7112 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
21:46:14.0727 7112 wuauserv - ok
21:46:14.0961 7112 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
21:46:14.0961 7112 WudfPf - ok
21:46:14.0992 7112 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
21:46:14.0992 7112 WUDFRd - ok
21:46:15.0055 7112 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
21:46:15.0055 7112 wudfsvc - ok
21:46:15.0117 7112 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
21:46:15.0133 7112 WwanSvc - ok
21:46:15.0195 7112 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:46:15.0257 7112 \Device\Harddisk0\DR0 - ok
21:46:15.0585 7112 MBR (0x1B8) (08b26729634452d0c2889c002b1bb97c) \Device\Harddisk1\DR5
21:46:16.0147 7112 \Device\Harddisk1\DR5 - ok
21:46:16.0162 7112 MBR (0x1B8) (08b26729634452d0c2889c002b1bb97c) \Device\Harddisk1\DR5
21:46:16.0661 7112 \Device\Harddisk1\DR5 - ok
21:46:16.0693 7112 Boot (0x1200) (8254b464d75508ad46f94573f37d47b0) \Device\Harddisk0\DR0\Partition0
21:46:16.0693 7112 \Device\Harddisk0\DR0\Partition0 - ok
21:46:16.0693 7112 Boot (0x1200) (a4be286a91ef9f3af7e8c6ffbb53239e) \Device\Harddisk1\DR5\Partition0
21:46:16.0693 7112 \Device\Harddisk1\DR5\Partition0 - ok
21:46:16.0708 7112 Boot (0x1200) (a4be286a91ef9f3af7e8c6ffbb53239e) \Device\Harddisk1\DR5\Partition0
21:46:16.0708 7112 \Device\Harddisk1\DR5\Partition0 - ok
21:46:16.0708 7112 ============================================================
21:46:16.0708 7112 Scan finished
21:46:16.0708 7112 ============================================================
21:46:16.0724 3620 Detected object count: 0
21:46:16.0724 3620 Actual detected object count: 0


MBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-07 21:47:20
-----------------------------
21:47:20.184 OS Version: Windows x64 6.1.7601 Service Pack 1
21:47:20.184 Number of processors: 2 586 0x602
21:47:20.184 ComputerName: KATERINE UserName: Jusuchin
21:47:21.510 Initialize success
21:47:25.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:47:25.062 Disk 0 Vendor: TOSHIBA_MK5055GSX FG001M Size: 305245MB BusType: 11
21:47:25.108 Disk 0 MBR read successfully
21:47:25.108 Disk 0 MBR scan
21:47:25.108 Disk 0 Windows VISTA default MBR code
21:47:25.124 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:47:25.140 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288799 MB offset 3074048
21:47:25.155 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14944 MB offset 594534400
21:47:25.218 Disk 0 scanning C:\windows\system32\drivers
21:47:37.027 Service scanning
21:48:35.589 Modules scanning
21:48:35.605 Disk 0 trace - called modules:
21:48:35.636 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:48:35.652 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004361790]
21:48:35.667 3 CLASSPNP.SYS[fffff880019cc43f] -> nt!IofCallDriver -> [0xfffffa80042c05b0]
21:48:35.683 5 ACPI.sys[fffff88000efd7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80042ca060]
21:48:35.683 Scan finished successfully
21:48:44.747 Disk 0 MBR has been saved successfully to "C:\Users\Jusuchin\Desktop\MBR.dat"
21:48:44.762 The log file has been saved successfully to "C:\Users\Jusuchin\Desktop\aswMBR.txt"


Attached File  MBR.zip   567bytes   0 downloads

I hope this helps. It keeps detecting those trojans.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:29 PM

Posted 08 May 2012 - 08:17 AM

It's good that the logs are clean. We can now use these tools.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:[list]
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Third party programs if not up to date can be an open door for an infection

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review.

Let me know if the problem persists.

#6 Jusuchin

Jusuchin
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 08 May 2012 - 05:27 PM

Did those, although combofix said synmantec was still running when I disabled it. Don't know if that will be a problem.

MBAM:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.08.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jusuchin :: KATERINE [administrator]

5/8/2012 12:56:13 PM
mbam-log-2012-05-08 (12-56-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220803
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GoogleData (Trojan.SHarpro.PGen) -> Data: rundll32.exe "C:\Users\Backup\AppData\Local\Google\GoogleData\Googledata.DLL",DllRegisterServer -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ComboFix:

ComboFix 12-05-08.02 - Jusuchin 05/08/2012 13:20:08.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2297 [GMT -4:00]
Running from: c:\users\Jusuchin\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\x4m6vawy.default\extensions\{54bc0b77-fbc0-4bad-87ec-1ed9fd4f4cdc}
c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\x4m6vawy.default\extensions\{54bc0b77-fbc0-4bad-87ec-1ed9fd4f4cdc}\chrome\xulcache.jar
c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\x4m6vawy.default\extensions\{54bc0b77-fbc0-4bad-87ec-1ed9fd4f4cdc}\install.rdf
c:\users\Jusuchin\AppData\Roaming\Mozilla\Firefox\Profiles\6t1qh8qz.default\extensions\{54bc0b77-fbc0-4bad-87ec-1ed9fd4f4cdc}
c:\users\Jusuchin\AppData\Roaming\Mozilla\Firefox\Profiles\6t1qh8qz.default\extensions\{54bc0b77-fbc0-4bad-87ec-1ed9fd4f4cdc}\chrome\xulcache.jar
c:\users\Jusuchin\AppData\Roaming\Mozilla\Firefox\Profiles\6t1qh8qz.default\extensions\{54bc0b77-fbc0-4bad-87ec-1ed9fd4f4cdc}\install.rdf
c:\windows\system32\Thumbs.db
H:\Autorun.inf
H:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 18:21 . 2012-05-08 18:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-08 18:21 . 2012-05-08 18:21 -------- d-----w- c:\users\Backup\AppData\Local\temp
2012-05-02 18:44 . 2012-05-02 18:44 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-02 18:43 . 2012-05-02 18:43 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 18:43 . 2012-05-02 18:43 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-30 11:13 . 2012-04-30 11:13 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-30 11:13 . 2012-04-30 11:12 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-30 11:12 . 2012-04-30 11:12 -------- d-----w- c:\program files\Java
2012-04-30 10:51 . 2012-04-30 10:51 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-04-27 04:04 . 2012-04-27 05:27 -------- d-----w- c:\users\Jusuchin\AppData\Roaming\AVG
2012-04-27 03:55 . 2012-04-27 03:55 -------- d-----w- c:\users\Jusuchin\AppData\Local\AVG Secure Search
2012-04-27 03:55 . 2012-04-27 03:55 -------- d-----w- c:\programdata\AVG Secure Search
2012-04-27 03:55 . 2012-04-27 03:55 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-04-27 03:55 . 2012-04-27 03:55 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-04-27 03:54 . 2012-04-27 03:54 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-04-27 03:53 . 2012-05-08 12:07 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-27 03:53 . 2012-04-27 03:57 -------- d-----w- c:\programdata\AVG2012
2012-04-27 03:53 . 2012-04-27 03:53 -------- d-----w- C:\$AVG
2012-04-27 03:53 . 2012-04-28 11:18 -------- d-----w- c:\program files (x86)\AVG
2012-04-27 03:50 . 2012-04-27 03:50 -------- d--h--w- c:\programdata\Common Files
2012-04-27 03:50 . 2012-05-08 12:07 -------- d-----w- c:\programdata\MFAData
2012-04-24 08:07 . 2012-04-24 08:07 -------- d-----w- c:\program files (x86)\WoT Skins Installer
2012-04-24 01:06 . 2012-04-24 01:06 -------- d-----w- c:\program files (x86)\Poedit
2012-04-23 20:04 . 2012-04-23 20:04 -------- d-----w- C:\Games
2012-04-20 01:59 . 2012-04-20 01:59 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-20 01:59 . 2012-04-20 01:59 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-19 23:28 . 2012-04-19 23:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-19 18:21 . 2012-05-04 20:21 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 15:29 . 2012-04-19 15:29 -------- d-----w- c:\program files (x86)\uTorrent
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-12 21:26 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 21:26 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 21:26 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 21:23 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 21:23 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 21:23 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 21:23 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 21:23 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 21:23 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 21:23 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 20:21 . 2012-03-30 04:26 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 20:21 . 2011-06-25 07:13 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2011-08-20 22:14 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 09:17 . 2012-03-19 09:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-02-22 09:25 . 2012-02-22 09:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-02-17 06:38 . 2012-03-14 11:53 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 11:53 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 11:53 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 11:53 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 11:54 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 11:53 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-27 03:55 2067328 ----a-w- c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-27 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-13 39408]
"Chatango"="c:\program files (x86)\Chatango\Chatango.exe" [2008-02-05 356352]
"Akamai NetSession Interface"="c:\users\Jusuchin\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-04-13 115624]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE" [2010-09-02 2045440]
"BackupNowEZtray"="c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" [2011-09-24 580632]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-04-27 1116544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 135664]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-04-29 91456]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [2011-09-24 45592]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-07-07 65904]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-04-27 932736]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 138360]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 20:21]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 07:04]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 07:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2008-09-25 195080]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\users\Jusuchin\AppData\Roaming\Mozilla\Firefox\Profiles\6t1qh8qz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://randomc.net/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf5cadb78-86f0-4b25-b36a-0ec68835820c%7D&mid=611f9f5e862647d09880d16f2ade70b0-bf6e22dc7eec45253c3081a3f84b54c684ab4124&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-04-26%2023%3A55%3A25&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Wow6432Node-HKU-Default-Run-GoogleData - c:\users\Backup\AppData\Local\Google\GoogleData\Googledata.DLL
SafeBoot-53352708.sys
SafeBoot-Symantec Antvirus
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe
.
**************************************************************************
.
Completion time: 2012-05-08 14:58:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-08 18:58
.
Pre-Run: 111,560,855,552 bytes free
Post-Run: 111,167,451,136 bytes free
.
- - End Of File - - 9F32D47DF0AD7985F2022DCC6E8AEF35


Security Check:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````



#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:29 PM

Posted 09 May 2012 - 08:55 AM

Your logs are clean.

Any remaining issues?

#8 Jusuchin

Jusuchin
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 09 May 2012 - 04:00 PM

No. I guess constantly rerunning the antivirus stuff got em. So far they haven't popped up. Even with my lifestyle I have Symantec do a nightly quick scan and a weekly full scan on Sundays and often run MBAM every few days. So I'm honestly wondering how I got those. Thanks though for helping.

#9 Jusuchin

Jusuchin
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 09 May 2012 - 08:27 PM

Double post, but, still appearing. WTF.

Attached File  STILLAPPEARING.png   279.92KB   1 downloads

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:29 PM

Posted 10 May 2012 - 07:57 AM

These are false positive.
Read about it.

http://www.symantec.com/connect/forums/generic-trojan-dwhtmp-temp-folder

There is more than one solution to this problem.

If you cannot find it in the topic you should open a new topic with Symantec.

The topic is long. Just look for some suggested solutions. From what I read you should not be worry other than it's a nuisance.

One solution is to clean Symantec quarantine folder. Hope that helps.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users